<?php
require("config.php");
session_start();
if ($_POST['postback']) {
	$username = & get_post('username');
	$password = & get_post("password");
	if ($_SESSION['captcha'] == trim(get_post('validate_code'))) {		
		$result = $db->query("select * from po_user where username='%s' and password=md5('%s')", $username, $password);
		if ($result) {
			if (($row = $db->fetch_assoc($result))) {
				$user['username'] = $username;
				save_user($user);
				page_common("登录成功");
				if ($user && isset($user['burl'])) {
					$t->set_var("T_BURL", $user['burl']);
				} else {
					$t->set_var("T_BURL", URL_ROOT . "index.php");
				}
				$t->set_file("body", "login_success.html");
				$t->pparse("out", "body");
				exit;
			} else {
				$t->set_var("T_ERROR", "<p><font color='red'>登录失败：用户名或密码错误！</font></p>");
				$t->set_var("T_USERNAME", $username);
				$t->set_var("T_PASSWORD", $password);
			}
		}
	} else {
		$t->set_var("T_ERROR", "<p><font color='red'>登录失败：验证码错误！</font></p>");
		$t->set_var("T_USERNAME", $username);
		$t->set_var("T_PASSWORD", $password);
	}
}

page_common("登录");
$t->set_file("body", "login.html");
$t->pparse("out", "body");
